CVE Vulnerabilities

CVE-2026-1288

NULL Pointer Dereference

Published: Jun 17, 2026 | Modified: Jun 29, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

NameVendorStart VersionEnd Version
RevitAutodesk2024 (including)2024.3.5 (excluding)
RevitAutodesk2025 (including)2025.4.5 (excluding)
RevitAutodesk2026 (including)2026.4.1 (excluding)
RevitAutodesk2027 (including)2027.1 (excluding)

Potential Mitigations

References